This work addresses the viability of man-in-the-middle (MITM) attacks, and stripping attacks
in particular, on the web today. First, to present the severity of the threat, a modified version
of Moxie Marlinspike's sslstrip attack is demonstrated to have the capability to compromise web
applications with arbitrary authentication schemes in an automated fashion. Several methods for
mitigating the attacks are then discussed in turn. HSTS, the incumbent technology, is found to have
numerous deficiencies, the most important of which is its failure to guarantee protection against
stripping attacks at all. A new variation on HSTS, called Distributed HSTS, provides the desired
security guarantee for all connections involving a valid TLS certificate. Lastly, another distributed
solution called NOSTRIP has the best theoretical properties of the three, ensuring security for all
connections between hosts without the need for TLS certificates. Though these methods may be
effective defenses against stripping attacks, additional MITM vulnerabilities are shown to exist due to
the behavior of browsers. Thus, it is concluded that the web is still far from being safe from MITM
attacks, and continued research on the topic is called for.